Add APK hashes extraction and Add automation workflow #9
Conversation
6b66126 to b70d798
| # jinja2 pydantic could be added to requirements.txt later | ||
| # Python packages | ||
| pip install frida==17.2.15 frida-tools jinja2 pydantic |
pydantic should be part of capa dependencies, which should be already installed by capa.
Maybe you can have an "optional" step: install capa if not already.
| # Start Frida server on device | ||
| adb shell su -c "/data/local/tmp/frida-server &" | ||
| ``` | ||
| # Disable SELinux enforcement (resets on reboot) |
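Review bot: the `&` in `adb shell su -c "/data/local/tmp/frida-server &"` never reaches `su`: the local shell strips the double quotes, so the device shell receives `su -c /data/local/tmp/frida-server &` and backgrounds `su` itself. That only works because frida-server is started without arguments; quote the whole command for the device shell, e.g. `adb shell "su -c '/data/local/tmp/frida-server &'"`, and add a check that the server actually came up (for example `frida-ps -U`) before the next step, since a failed start here surfaces much later as a confusing Frida connection error.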
I think it is better to mention "Cold Reboot" using emulator
Nitpick though: In this file, I think it is better for sub-functions to raise exceptions, and you only catch the exceptions in main and print the error once and suggest users to try manual steps.
| print("Installing frida-server to device...") | ||
| subprocess.run(["adb", "root"], check=True) | ||
| subprocess.run(["adb", "push", frida_server_path, "/data/local/tmp/frida-server"], check=True) | ||
| subprocess.run(["adb", "shell", "chmod", "755", "/data/local/tmp/frida-server"], check=True) |
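Review bot: `adb root` with `check=True` turns every production image into a hard failure: adbd can only restart as root on userdebug/eng builds, so on Google Play images (the Magisk case raised in this thread) this line raises before anything is pushed, even though the push and chmod steps do not need a root adbd and the later `su -c` start works without it. Treat a failed `adb root` as non-fatal or skip it when `su` is available, and since a successful `adb root` restarts adbd, follow it with `adb wait-for-device` before the push.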
No need to reboot?
I think no need. These only change files and permissions in the /data partition, and those should persist across reboots until the files are deleted.
All Frida docs I saw follow this same process: install frida-server, set permissions, then directly start it.
But will mention cold boot to manual users.
I find rooting changes might be lost because system modifications like Magisk need a full cold boot to apply and persist root changes. Google Play systems need it to stay rooted.
Same as above. Use exceptions?
| check=True, | ||
| ) | ||
| subprocess.run(["adb", "shell", "setenforce 0"], capture_output=True, check=True) |
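Review bot: `setenforce 0` runs as the plain adb shell user here, unlike the frida-server start, which goes through `su -c`; if the earlier `adb root` did not take effect, this fails with a permission error. Run it as `su -c "setenforce 0"` for consistency, and because `capture_output=True` swallows the message, include `e.stderr` from the `CalledProcessError` in whatever is reported to the user, otherwise the failure shows up as a bare non-zero exit.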
Same here. reboot?
My understanding is that setenforce resets after any restart, so users have to run it every time.
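The exception-first structure suggested in the review above (sub-functions raise, main catches once, prints the error and points at the manual steps), applied to the adb calls shown in this PR's diff, as an added example that is not the PR's code. `SetupError`, the step labels, the `runner` parameter used to exercise the flow without a device, and the manual-steps text are my assumptions.

```python
import subprocess
import sys

FRIDA_SERVER_DEVICE_PATH = "/data/local/tmp/frida-server"

# Manual fallback, printed once when any automated step fails (wording is assumed).
MANUAL_STEPS = """Manual setup:
  adb root
  adb push <frida-server> /data/local/tmp/frida-server
  adb shell chmod 755 /data/local/tmp/frida-server
  adb shell setenforce 0      # resets on every reboot
  adb shell su -c "/data/local/tmp/frida-server &"
"""

class SetupError(Exception):
    """Raised by any setup step; carries the step name and adb's stderr."""

def adb(args, step, runner=subprocess.run):
    """Run one adb command and turn a non-zero exit into SetupError.
    `runner` (assumed parameter) defaults to subprocess.run and is swappable in tests."""
    try:
        proc = runner(["adb", *args], capture_output=True, text=True, check=True)
    except FileNotFoundError:
        raise SetupError(f"{step}: adb not found on PATH") from None
    except subprocess.CalledProcessError as e:
        # capture_output hides stderr; surface it in the single error the user sees.
        detail = (e.stderr or e.stdout or "").strip()
        raise SetupError(f"{step}: adb {' '.join(args)} failed: {detail}") from None
    return proc.stdout

def install_frida_server(local_path, runner=subprocess.run):
    """Push frida-server and mark it executable; files in /data survive reboots."""
    adb(["root"], "restart adbd as root", runner)
    adb(["push", local_path, FRIDA_SERVER_DEVICE_PATH], "push frida-server", runner)
    adb(["shell", "chmod", "755", FRIDA_SERVER_DEVICE_PATH], "chmod frida-server", runner)

def disable_selinux(runner=subprocess.run):
    """setenforce 0 does not survive a reboot, so run it on every start."""
    adb(["shell", "setenforce", "0"], "disable SELinux enforcement", runner)

def main(local_path, runner=subprocess.run):
    """Catch SetupError once, print it with the manual steps, return an exit code."""
    try:
        install_frida_server(local_path, runner)
        disable_selinux(runner)
    except SetupError as e:
        print(f"[!] {e}\n{MANUAL_STEPS}", file=sys.stderr)
        return 1
    return 0
```

Each step fails fast with the adb stderr attached, and the user sees one message plus the manual recipe instead of a traceback per call.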
mike-hunhoff left a comment
Good work @xukunzh, I've left comments for us to chat about.
| # Python packages | ||
| pip install frida==17.2.15 frida-tools jinja2 pydantic | ||
| pip install capa[frida] |
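Review bot: `pip install capa[frida]` needs quoting in the docs: zsh treats `[frida]` as a glob and aborts with "no matches found" instead of installing the extra, so write `pip install 'capa[frida]'` (or the `flare-capa` name suggested below) with the quotes.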
Why is installing capa as a library required? Can't users simply download and use the standalone binary for the final processing step?
| ### (Optional) Create emulator and start frida-server | ||
| We can auto-create an rooted emulator with frida-server for you. | ||
| But you can manully setup your own emualtor/device. | ||
| For more details, see our [manual setup guide](setup.md) and |
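Review bot: typos in the added docs text: "an rooted emulator" should be "a rooted emulator", "manully setup" should be "manually set up", and "emualtor/device" should be "emulator/device".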
I believe both of these documents outline essentially the same process? If so, let's combine the bare minimum into a single .md file and include it in this repo.
| # Tools → Device Manager → find 'frida-emulator' and start it" | ||
| ## Complete Workflow | ||
| python main.py --package com.scottyab.rootbeer.sample |
This command assumes the APK is already loaded onto the device? Otherwise, we'd also need to specify the local APK to load into the emulator? This step confused me a bit and I had to continue reading further down to understand which command flags to use. Also, is it absolutely necessary for users to specify the package name? Or could we simplify and only require users to specify the APK file name?
I ask, because initially I did not know of a quick way to find the package name for an unknown APK file, searched for it, and found the following command:
$ aapt d badging /path/to/apk | grep "package"
If we need to require the package, ndb, but let's add documentation for how to find it, covering both scenarios: when the user has a local APK file and when the APK file is already loaded onto the device.
| - Linux: `~/Android/Sdk` | ||
| - Windows: `~\AppData\Local\Android\Sdk` | ||
| ### 2. Install Dependencies |
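Review bot: the Windows SDK path `~\AppData\Local\Android\Sdk` only resolves in PowerShell; cmd.exe does not expand `~`. Use `%LOCALAPPDATA%\Android\Sdk` (cmd) or `$env:LOCALAPPDATA\Android\Sdk` (PowerShell) so the path works in either shell, and mention that both listed paths are the Android Studio defaults and that `ANDROID_HOME`, when set, is the authoritative location.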
The list of dependencies here is heavy, do we absolutely need all of these? I've left comments below for some of these that I don't think are needed, based on my understanding, e.g. node, flare-capa, etc.. I've learned over the years that the more dependencies you have, the less likely your project will get used, so let's do our best to keep it minimal.
| # Python packages | ||
| pip install frida==17.2.15 frida-tools jinja2 pydantic | ||
| pip install capa[frida] |
| pip install capa[frida] | |
| pip install flare-capa[frida] |
299eeb1 to 47a4dae
Done:
- Implement APK hash extraction in `apk_meta_extractor.py` as a separate step: `python apk_meta_extractor.py --package com.app --apk /path/to/app.apk`. The `apk_meta.json` temp file also includes the package name; users didn't provide it upfront before.
- Add Frida-compile step to import Java bridge.
- The automation part is in `main.py`, with auto Android emulator creation now.
- To fix some TS type information issues caused by Frida-compile, switch to using TypeScript to avoid errors.